Layer7 API Management

  • 1.  Mismatching redirect_uri in OAuth 2.0 test client

    Broadcom Employee
    Posted May 02, 2017 02:17 AM

    Hi,

     

    I installed two Gateway 9.2 nodes (host1, host2) as a cluster and set up nginx as a load balancer on host3. I can log in to Policy Manager and operate normally when connecting to host3 on port 8443, which means the load balancer works well.

    Now I installed OTK 3.6 and followed the guide to update the two <YOUR_SSG> in callback URL as https://host3:8443 in Test 2.0 client.

    When I tried to open https://host3:8443/oauth/v2/client in a browser, it was redirected to https://host3/oauth/v2/client/authcode and the site can't be found because the port is 443 in the redirected URL. If I manually add port 8443, as https://host3:8443/oauth/v2/client/authcode, and try to open it, the page can be opened. Then I get error_description: Mismatching redirect_uri. Given: 'https://host3:443/oauth/v2/client/authcode' if I click the "INITIATE" button to initiate a new OAuth handshake.

    So the issue is that the port was set to 443 in the redirect URL. Does anyone have an idea how to fix it?

    If I access the test client with Gateway node1 (https://host1:8443/oauth/v2/client) directly, the port in the redirect URL is 8443. I didn't add any 443 listener in the nginx conf file.

    Thanks

    Yang



  • 2.  Re: Mismatching redirect_uri in OAuth 2.0 test client

    Posted May 02, 2017 02:26 AM

    Is your cluster hostname the same as host3?



  • 3.  Re: Mismatching redirect_uri in OAuth 2.0 test client

    Broadcom Employee
    Posted May 02, 2017 02:40 AM

    Hi,

    Yes, the cluster.hostname is host3.

    I did more tests just now. It may be related to nginx. I created one simple web API named test1 to print ${request.url.protocol}://${request.url.host}:${request.url.port}${request.url.path} in the response. My request is https://host3:8443/test1 but the response is https://host3:443/test1.

    The question is: Gateway is listening on port 8443 and can respond, but why is ${request.url.port} 443? I haven't found the solution.

    I already simplified the nginx conf to forward requests to one Gateway node (host1):

        server {
            listen       8443 ssl;

            ssl_certificate      gwhttpd.crt;
            ssl_certificate_key  gwhttpd.key;

            ssl_session_cache    shared:SSL:1m;
            ssl_session_timeout  10m;

            ssl_prefer_server_ciphers  on;

            location / {
                proxy_pass https://host1:8443;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
            }
        }



  • 4.  Re: Mismatching redirect_uri in OAuth 2.0 test client
    Best Answer

    Broadcom Employee
    Posted May 02, 2017 03:31 AM

    Issue was resolved by changing

    proxy_set_header Host $host;

    to

    proxy_set_header Host $http_host;

    in the nginx.conf file.

    $host is the cluster hostname only and doesn't include the port in the request header, so Gateway will use port 443 by default. $http_host includes both hostname and port, so Gateway will get the original port 8443 from the header.
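
The behaviour described in this thread, modelled as an added example (not code from the thread, the Gateway or OTK): what each nginx variable forwards for a request to host3:8443, the URL a backend then rebuilds, and whether that URL matches the registered callback. The function names and the backend's default-port logic are assumptions chosen to match what the posts observed, and the model handles plain host names only.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
# Callback registered for the test client, per the thread.
REGISTERED = "https://host3:8443/oauth/v2/client/authcode"

def nginx_var(name, host_header):
    """Model the two nginx variables for a request carrying this Host header."""
    if name == "$http_host":          # raw header value, port included
        return host_header
    if name == "$host":               # lowercased host name, port dropped
        return host_header.lower().split(":")[0]
    raise ValueError(name)

def backend_url(scheme, host_value, path):
    """Assumed backend logic: no port in Host means the scheme's default port."""
    parts = urlsplit(f"{scheme}://{host_value}")
    port = parts.port or DEFAULT_PORTS[scheme]
    return f"{scheme}://{parts.hostname}:{port}{path}"

def same_redirect_uri(registered, given):
    """Compare scheme, host, effective port and path exactly."""
    def key(uri):
        p = urlsplit(uri)
        return (p.scheme, p.hostname, p.port or DEFAULT_PORTS[p.scheme], p.path)
    return key(registered) == key(given)

def handshake(var, host_header="host3:8443"):
    """Return (redirect_uri the backend builds, whether it matches REGISTERED)."""
    given = backend_url("https", nginx_var(var, host_header),
                        "/oauth/v2/client/authcode")
    return given, same_redirect_uri(REGISTERED, given)

if __name__ == "__main__":
    for var in ("$host", "$http_host"):
        print(var, *handshake(var))
```

Because `$http_host` is the Host header exactly as the client sent it, a proxy that forwards it should only answer for the expected names; `proxy_set_header Host $host:$server_port;` is a common alternative that builds the value from nginx's own view of the request.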